As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”
Link: https://threatpost.com/attackers-cashing-in-on-cryptocurrency-with-increased-scams/132275/
Several well-rated pet trackers contain flaws stemming from the use of Bluetooth LE, poor certificate handling and more.
Link: https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
Researchers warn of malware infecting 500,000 popular routers in a campaign mostly targeting the Ukraine, but also 54 other countries.
A bug in Comcast’s activation website for its Xfinity routers leaked sensitive customer data.
Link: https://threatpost.com/comcast-patches-router-bug-that-leaked-some-wi-fi-passwords/132183/
A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.
A recently discovered malware steals cache data and messaging sessions from the desktop version of encrypted messaging service Telegram.
Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials.
Link: https://threatpost.com/misconfigured-reverse-proxy-servers-spill-credentials/132085/
Threatpost talked to several security researchers about what’s changed in the past year.
Link: https://threatpost.com/one-year-after-wannacry-a-fundamentally-changed-threat-landscape/132047/
A team of academic researchers has demonstrated that it’s possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.
Link: https://threatpost.com/voice-squatting-turns-alexa-google-home-into-silent-spies/132068/
Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices.
Link: https://threatpost.com/mexicos-banking-system-sees-18m-siphoned-off-in-phantom-transactions/132004/